This page contains an overview of SaaS services (un)affected by the Spring4shell vulnerabilities. NCSC-NL and partners are attempting to maintain a list of all known vulnerable and not vulnerable software. Listed software is paired with specific information regarding which version contains the security fixes and which software still requires fixes. Please note that this vulnerability may also occur in custom software developed within your organisation. These occurrences are not registered in this overview.
| Supplier | Service | Status Spring4shell | Confirmed vulnerable / under investigation / not vulnerable | Notes | Links |
|---|---|---|---|---|---|
| AFAS | AFAS | Not vulnerable | Verified by vendor (mail) | ||
| AWS | Multiple | Not vulererable | Verified by vendor (mail) | ||
| Atlassian | Confluence | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
| Atlassian | Jira | Not Vulnerable | https://confluence.atlassian.com/kb/faq-for-cve-2022-22963-cve-2022-22965-1115149136.html | ||
| Blendr.io | Blendr.io | Not vulnerable | Verified by vendor (mail) | ||
| Coveo | Coveo | Not vulnerable | Verified by vendor (mail) | ||
| Hubper | Hubper | Not vulnerable | Verified by vendor (mail) | ||
| Jamf | Jamf Pro / Jamf Connect | Not vulnerable | 10.37.2 and 10.36.4 patched | https://community.jamf.com/t5/jamf-pro/spring4shell-vulnerability/td-p/262584 | |
| LucidChart | LucidChart | Under investigation | Verified by vendor (mail) | ||
| Miro | Miro | Not vulnerable | Verified by vendor (mail) | ||
| Okta | Okta, Okta Workflows, Auth0, Okta Agents, Okta Access Gateway | Not vulnerable | https://sec.okta.com/articles/2022/04/oktas-response-cve-2022-22965-spring4shell | ||
| SalesForce | Tableau online | On premise version uses Spring, Tomcat and JDK9 | Under investigation | Still under investiagtion by vendor (mail) | https://kb.tableau.com/articles/issue/Spring4Shell-CVE-2022-22963-and-CVE-2022-22965 and https://status.salesforce.com/generalmessages/884 |
| SentinelOne | SentinelOne | Not vulnerable | Verified by vendor (mail) | ||
| Solutions2Share | Teams Manager | Not vulnerable | Verified by vendor (mail) | ||
| Templafy | Templafy | Not vulnerable | Verified by vendor (mail) | ||
| Unit4 | Intuo (unit4 talent managment) | Not vulnerable | Verified by vendor (mail) | ||
| Laserfiche | Laserfiche cloud | Not Vulnerable | https://support.laserfiche.com/kb/1014369/spring-framework-vulnerabilities-cve-2022-22965-cve-2022-22963-cve-2022-22947 |